LinkedIn confirms several million passwords hacked
LinkedIn confirmed that as many as 6.5 million passwords had been compromised.
Los Angeles Times
LOS ANGELES — LinkedIn announced that some of its accounts were compromised Wednesday morning, and it is forcing users that were hacked to change their passwords.
The company confirmed the news on its blog hours after various outlets had reported as many as 6.5 million passwords had been compromised.
LinkedIn said it would be locking out hacked users until they changed their passwords. It also sent emails to them on how to change their passwords and a second email from the company's customer support with more information about the hacking.
LinkedIn said it would continue to investigate the cyberattack.
The hack became news after sites began reporting that information on 6.5 million passwords had been posted on a Russian hacker site, but the data appeared to be unsalted, meaning they were missing an extra layer of protection.
As many as 300,000 of the stolen passwords were actually cracked and broken into, according to some reports on the Web.
For much of Wednesday, LinkedIn did not confirm the attack, instead tweeting that it was continuing to investigate. At one point, the social network also published a blog with instructions on how to set secure passwords for any users interested in doing so to protect themselves.
The company tried to put a positive spin on the attack, blogging that all of its users would benefit from the situation as the company has already put in place an enhanced security system.
But some questioned why LinkedIn's passwords didn't already have some of these protections.
Geoff Webb, director of Credant Technologies, a security firm in Texas, said he wanted LinkedIn to answer how hackers had gotten access to its hashes and what else they may have accessed.
The company did not go into detail as to how hackers accessed its information.